As first reported by The Daily Hodl, a significant cybersecurity breach at Cumberland County Hospital (CCH) in Kentucky has impacted the sensitive information of 36,659 individuals.
The breach, discovered on April 3, 2025, was traced back to unauthorized system access beginning February 21. During this period, attackers reportedly accessed a vast trove of personal, financial, and health-related data belonging to both patients and employees.
Source: cchospital.org.
The stolen data may include names, Social Security numbers, diagnoses, treatment records, banking details, and even tax documents such as W-2 and W-4 forms. While CCH confirmed that its electronic medical records and billing system were not accessed, the scope of exposed information still raises significant concerns. In response, the hospital swiftly disabled its systems, notified law enforcement, and launched an investigation with the help of cybersecurity experts.
CCH has since notified all affected individuals and is offering 12 months of free identity monitoring services. To bolster its defenses, the hospital has overhauled its cybersecurity protocols to help prevent future incidents. The breach underscores the rising threat of cyberattacks targeting healthcare providers and the urgent need for strong data security practices in the sector.
